Security Champions Playbook is a project started in preparation for the presentation "Security Champions 2.0" at OWASP Bucharest AppSec Conference 2017. It describes the main steps for quickly establishing a Security Champions program, regardless of company size or the maturity of the existing security processes.
Security Champions are "active members of a team that may help to make decisions about when to engage the Security Team". They act as a core element of the security assurance process within the product or service and hold the role of the Single Point of Contact (SPOC) within the team. The OWASP Security Champions program is an initiative that aims to improve software security by encouraging organizations to designate and empower security champions within their development teams. The program provides resources and support to help these security champions develop their skills and promote a security-first culture within their organization.
Here are some of the key features of the OWASP Security Champions program:
- Training and Education: The program provides access to a range of training and education resources to help security champions develop their skills and knowledge of software security. This includes online courses, webinars, and other resources that are specifically tailored to the needs of security champions.
- Community and Networking: The program connects security champions with a global community of peers, allowing them to share experiences, ideas, and best practices for improving software security.
- Best Practices and Tools: The program provides guidance and best practices for integrating security into the software development process. This includes tools and resources to help security champions identify and address common vulnerabilities, as well as templates and guides for creating secure development processes.
- Recognition and Support: The program provides recognition and support for security champions, helping to promote their efforts and acknowledge their contributions to improving software security within their organization.
By empowering security champions within development teams, the OWASP Security Champions program helps to promote a culture of security awareness and responsibility within organizations, leading to more secure software and improved overall security posture.
Main advantages of having a team of Security Champions:
- Scaling security through multiple teams
- Engaging "non-security" folks
- Establishing the security culture
To keep it simple, I've listed six easy-to-follow steps, with clarifications for each step. Chapters include general recommendations, links to known good sources, and personal experience. I will be happy to hear your feedback and update the playbook. Current version: